...
Credentials are the user ID and password under which an Agent runs tasks on the machine where the Agent resides.
...
- If the task specifies Credentials, the Agent uses those Credentials.
- If the task does not specify Credentials, the Agent uses the Credentials specified in its Agent Details record.
- If the Agent Details does not specify Credentials, the Agent uses the Credentials used to install the Agent.
...
To convert a Credential type from Standard to Resolvable, Web Service, or Email, the Resolvable Credentials Permitted, Web Service Credentials Permitted, or Email Credentials Permitted Universal Controller system property, respectively, must be set to true.
...
- Click the Convert... button in the Credential Details.
- Select Convert... in the Credentials Details action menu.
- Select Convert... for a specific Credential in the Credentials List action menu.
When you convert a Credential, you must provide a new password. The Controller will not convert an encrypted password of one Credential type to an encrypted password of a different Credential type.
...
Note | ||
---|---|---|
| ||
Converting a Credential type does not create a new version of the Credential. Also, you cannot restore a Credential to an older version if the Credential type of the current version is not the same Credential type as the older version. |
...
As of Universal Controller 6.4.x, the Credential Runtime Passwords, along with the LDAP Settings Bind Password, Email Connection Passwords, Promotion Target Passwords, and Promotion Schedule Promotion Passwords, now are encrypted using AES with 128-bit keys.
...
- Apply maintenance to a pre-6.4.x release of Universal Controller to increase it to a 7.26.x release.
- Perform a bulk import or list import from a pre-6.4.x release of Universal Controller to a 7.26.x release.
- Promote from a pre-6.4.x release of Universal Controller to a 7.26.x release.
Under the following circumstance, conversion from the new encryption to the old encryption will be automatic.
- Promote from a 7.26.x release of Universal Controller to a compatible pre-6.4.x release. However, any attempt to promote a Resolvable Credential from a 7.26.x release of Universal Controller to a compatible pre-6.4.x release will fail.
Pre-6.4.0.0 releases cannot decrypt anything encrypted by a 7.26.x release, with the exception of promotion (noted above), which is fully backwards compatible.
Please note the following backwards compatibility constraints with respect to List Import, Bulk Import, and the Universal Controller Start-up Properties (opswise.properties).
- Any attempt to List Import or Bulk Import XML (containing a password encrypted by a 7.26.x release) into a pre-6.4.0.0 release will result in an encrypted value that cannot be decrypted by the pre-6.4.0.0 release.
- Any encrypted passwords within the Universal Controller Start-up Properties will be re-encrypted using the new algorithm when the 7.26.x Controller initializes at start-up. Once converted, that Universal Controller Start-up Properties will no longer be compatible with a pre-6.4.0.0 release.
...
In order to enable the use of Resolvable Credentials, the Resolvable Credentials Permitted Universal Controller system property must be set to true (default is false).
If the Resolvable Credentials Permitted property is set to false, the following restrictions on Resolvable Credentials apply:
...
To use Resolvable Credentials with a script, embed the Resolvable Credentials in any of the following:
- Content of a Script specified in the Script field in a Linux/Unix or Windows task.
- Content of a Data Script.
- Universal Template Script (Script, Linux/Unix Script, or Windows Script field).
- Content of a Script specified in the Payload Script field in a Web Service task.
Anchor | ||||
---|---|---|---|---|
|
Using Resolvable Credentials in a Task
To use Resolvable Credentials with a task, embed the Resolvable Credentials in any of the following:
Task | Fields |
---|---|
Linux/Unix |
|
Universal Task |
|
Windows |
|
Web Service |
|
Anchor | ||||
---|---|---|---|---|
|
Five Controller Credentials Functions are available for embedding Resolvable Credentials:
Name | Description | Syntax |
---|---|---|
Used for embedding the Key Location in a script. |
| |
Used for embedding the Passphrase in a script. |
| |
Used for embedding the Token in a script. |
| |
Used for embedding the Runtime User in a script. |
| |
Used for embedding the Runtime Password in a script. |
|
...
$(ops_unv_cred_key_loc_08236da16c3944899aae5a874da077bb)
$(ops_unv_cred_passphrase_08236da16c3944899aae5a874da077bb)
$(ops_unv_cred_token_08236da16c3944899aae5a874da077bb)
$(ops_unv_cred_user_08236da16c3944899aae5a874da077bb)
$(ops_unv_cred_pwd_08236da16c3944899aae5a874da077bb)
Additionally, for a Universal Template, you can create a Field of Type = Credential, which lets you select or create Resolvable Credentials. The Controller will create a variable for the Resolvable Credential Field, which you can embed in the Universal Template script using the Credentials Functions. This also lets you change Credentials when you run a Universal Task based on the Universal Template.
...
Note | ||
---|---|---|
| ||
By default, occurrences of Resolvable Credential passwords and passphrases are scrubbed from Web Service task output, reducing (but not eliminating) the risk of passwords and passphrases return to the task instance output or output metadata, which can be retrieved and viewed within Universal Controller. Please note, however, you still could use the functions against some API that stores the password and passphrase somewhere that you have access to. |
...
If the Execution User for a task instance does not have Execute permission for an embedded Resolvable Credential, the task instance will transition to the Start Failure status with one of the following status descriptions:
Execution with credentials "credential-name", contained within the Universal Template Script, prohibited due to security constraints.
Execution with credentials "credential-name", contained within the command field or parameters field, prohibited due to security constraints.
Execution with credentials "credential-name", contained within the script "script-name", prohibited due to security constraints.
Execution with credentials "credential-name", contained within a script, prohibited due to security constraints.
- For Web Service tasks:
Execution with credentials "credential-name", contained within the "<URL Query Parameter/Form Data/Payload/Payload Script/HTTP Headers>" field, prohibited due to security constraints.
If the Resolvable Credentials Permitted Universal Controller system property is set to false, any task instance with an embedded Resolvable Credential will result in a Start Failure status with the following status description:
...
You can embed source and destination Credentials in a UDM script using File Transfer Task Instance built-in variables.
For File Transfer tasks, the Agent may need additional credentials for logging on to the FTP server.
Anchor | ||||
---|---|---|---|---|
|
Step 1 | From the Automation Center navigation pane, select Other > Credentials. The Credentials list displays a list of all currently defined Credentials. |
---|---|
Step 2 | Enter/select Details for a new Credential, using the field descriptions below as a guide. As a best practice, use an alias in the Name field, as you may have several identical user names for different systems all having different passwords.
To display more of the Details fields on the screen, you can either:
|
Step 3 | Click a Save button. The Credential is added to the database, and all buttons and tabs in the Credential Details are enabled. |
Note | ||
---|---|---|
| ||
To open an existing record on the list, either:
|
Anchor | ||||
---|---|---|---|---|
|
...
For information on how to access additional details - such as Metadata and complete database Details - for Credentials (or any type of record), see Records.
Anchor | ||||
---|---|---|---|---|
|
...
Field Name | Description | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Details | This section contains detailed information about the credential. | ||||||||||||
Name |
| ||||||||||||
Version | System-supplied; version number of the current record, which is incremented by Universal Controller every time a user updates a record. Click on the Versions tab to view previous versions. For details, see Record Versioning. | ||||||||||||
Description |
| ||||||||||||
Member of Business Services |
| ||||||||||||
| Type of Credential.
| ||||||||||||
Provider | Specifies Provider. Options:
Default is Universal Controller. | ||||||||||||
Provider Parameters | When switching the Provider option, the default Provider Parameters for each provider will be populated. When switching to the Universal Controller provider, the Provider Parameters will not be displayed. | ||||||||||||
Runtime User |
| ||||||||||||
Runtime Password |
| ||||||||||||
Key Location |
| ||||||||||||
Passphrase |
| ||||||||||||
Token |
| ||||||||||||
Metadata | This section contains Metadata information about this record. | ||||||||||||
UUID | Universally Unique Identifier of this record. | ||||||||||||
Updated By | Name of the user that last updated this record. | ||||||||||||
Updated | Date and time that this record was last updated. | ||||||||||||
Created By | Name of the user that created this record. | ||||||||||||
Created | Date and time that this record was created. | ||||||||||||
Buttons | This section identifies the buttons displayed above and below the Credential Details that let you perform various actions. | ||||||||||||
Save | Saves a new Credential record in the Controller database. | ||||||||||||
Save & New | Saves a new record in the Controller database and redisplays empty Details so that you can create another new record. | ||||||||||||
Save & View | Saves a new record in the Controller database and continues to display that record. | ||||||||||||
New | Displays empty (except for default values) Details for creating a new record. | ||||||||||||
Update |
| ||||||||||||
Test Provider | For providers other than Universal Controller. Test Provider button will be available for validating the configured Provider Parameters. | ||||||||||||
Convert... | Allows you to convert the current Credential Type to a new type and define a new password for the Credential (see Converting Credential Types). | ||||||||||||
Delete |
| ||||||||||||
Refresh | Refreshes any dynamic data displayed in the Details. | ||||||||||||
Close | For pop-up view only; closes the pop-up view of this credential. | ||||||||||||
Tabs | This section identifies the tabs across the top of the Credential Details that provide access to additional information about the credential. | ||||||||||||
|
|
...